SA-17: Developer Security and Privacy Architecture and Design

From NIST's SP800-53:

Require the developer of the system, system component, or system service to produce a design specification and security and privacy architecture that: a. Is consistent with the organization’s security and privacy architecture that is an integral part the organization’s enterprise architecture; b. Accurately and completely describes the required security and privacy functionality, and the allocation of controls among physical and logical components; and c. Expresses how individual security and privacy functions, mechanisms, and services work together to provide required security and privacy capabilities and a unified approach to protection.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
PR.IP-2	A System Development Life Cycle to manage systems is implemented

Showing 1 to 1 of 1 entries

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

Search:

ATT&CK ID	Title	Associated Tactics
T1482	Domain Trust Discovery	Discovery
T1078.001	Default Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1078.004	Cloud Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1134.005	SID-History Injection	Defense Evasion, Privilege Escalation

Showing 1 to 7 of 7 entries